'Critical' Exploit Detected in Exchange 2000

Microsoft issues a patch for bugs within Microsoft Exchange 2000 e-mail servers that could cause denial of service attacks.

A team of German researchers has found a flaw that could cause severe
overload on Microsoft Exchange 2000 e-mail servers and the software giant
Thursday issued a patch to plug the exploit.

In its latest security bulletin, Microsoft said researchers from the Johannes Gutenberg University in
Mainz, Germany detected a denial of service exploit with Exchange 2000 that
could cause an attacker to overload the CPU storage space on an e-mail
server.

Microsoft said the flaw was found in the way Exchange
2000 handled certain malformed RFC message attributes on received mail.
"Upon receiving a message containing such a malformation, the flaw causes
the Store service to consume 100% of the available CPU in processing the
message," Microsoft explained.

It said the vulnerability results because it is possible for an attacker to
seek to exploit this flaw and mount a denial-of-service attack.

"An attacker could attempt to levy an attack by connecting directly to the
Exchange server and passing a raw, hand-crafted mail message with a
specially malformed attribute. When the message was received and processed
by the Store service, the CPU would spike to 100%. The effects of the attack
would last as long as it took for the Exchange Store service to process the
message. Neither restarting the service nor rebooting the server would
remedy the denial of service," the company warned.

Even though Microsoft described the vulnerability as "critical," it said the
effect of an attack would only be temporary. "Once the server completed
processing the message, normal operations would resume. However, it is not
possible to halt the processing of the message once begun, even with a
reboot," the company said. The vulnerability would not compromise data on
the server or gain administrative control over it.

"Mounting a successful attack requires the ability to pass a hand-crafted
message to the target system, most likely through a simulated server-based
connection. It is not possible to craft a malformed message using an email
client such as Outlook or Outlook Express," Microsoft added.

This article was first published on InternetNews, an internet.com site.